Unknown source causing slow computer, and Java problems

Solved
By exmatt
Aug 9, 2010
Topic Status:
Not open for further replies.
  1. First off, I'm going to do my best to answer your questions but this is a friend's laptop and he said if I couldn't fix it that we were just going to go back to factory settings and clean it out completely, but I don't think that's necessary.
    Second, thank you for your time.
    Third, the problems. It started when trying to play Runescape and he got kicked off, then when he tried to reenter it was just a white screen. I'm guessing this is a Java problem. However, he said that when he tried to update Java it wouldn't go. So I told him to bring it over. I cleaned it the best I could but there are still some problems.
    I KNOW there have to be more viruses and/or trojans in his computer but I don't know how to find/delete them. Also his computer was horribly slow and running at 100% all the time when I got it and I found this to be caused by Windows Media Player network sharing or something like that. And I found the only way to function on his computer was to disable that. I don't know if he uses that but it was the only way.
    I have not tried to reload Java as I wanted to make sure everything else was fixed first, so... please, if you can give me a little guidance I would be very thankful.

    NOTE: I don't know how to disable AVG so I had it running the whole time I was doing the logs. I dislike AVG so I don't normally use it and have no clue how to.

    GMER: Uh this wouldn't work for me... I saved it to my desktop and started it and it comes up with an error about c:\windows\system32\config\system: the system cannot find the file specified then I run the scan still and the log is completely empty... I tried downloading it twice and still the same thing.

  2. crunchie

    crunchie Malware Helper Posts: 761

    Hi and welcome to the Techspot forums :).

    You may want to get rid of (uninstall) AVG and install either comodo or avast.

    ==

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
  3. exmatt

    exmatt TechSpot Member Topic Starter Posts: 60

    How do I stop AVG from running so I can run combofix? I don't want to delete it yet until I get a chance to talk to him about it since he paid for it I guess.
  4. crunchie

    crunchie Malware Helper Posts: 761

    That's the reason I wrote the above. AVG is a pain to stop. You did say you didn't like it. But then it's somebody else's, so other than that you might try to stop the service and then the processes before running.
  5. exmatt

    exmatt TechSpot Member Topic Starter Posts: 60

    You got that right, I see no way to stop anything but the firewall. Oh well, he was going to erase it all anyways so as long as it's fixed I will do that. Onto running combofix.
  6. exmatt

    exmatt TechSpot Member Topic Starter Posts: 60

    Uh it comes up with an error - win32 only, incompatible os. and it goes on and on. I thought I installed it correctly? It might be because I'm on windows 7...so what do I do now? Did I mention I dislike windows 7? lol at least at first...
  7. crunchie

    crunchie Malware Helper Posts: 761

    I missed that. It's a 64bit platform.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  8. exmatt

    exmatt TechSpot Member Topic Starter Posts: 60

    It says the text I entered is too long. Do you want me to just attach them?
  9. exmatt

    exmatt TechSpot Member Topic Starter Posts: 60

    Sorry didn't want to make you think I wasn't following instructions but even one by one they were too big.

  10. crunchie

    crunchie Malware Helper Posts: 761

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :File
      C:\32788R22FWJFW
      :OTL
      IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
      O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
      O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O4 - HKLM..\Run: []  File not found
      O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe File not found
      
      :Commands
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post the log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  11. exmatt

    exmatt TechSpot Member Topic Starter Posts: 60

    All processes killed
    Error: Unable to interpret <:File> in the current context!
    Error: Unable to interpret <C:\32788R22FWJFW> in the current context!
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryBooster deleted successfully.
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: matt
    ->Flash cache emptied: 687 bytes

    User: Mcx1-MATT-PC

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: matt
    ->Temp folder emptied: 16052709 bytes
    ->Temporary Internet Files folder emptied: 62082785 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mcx1-MATT-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 31490 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 4027990 bytes

    Total Files Cleaned = 78.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.1 log created on 08102010_142120

    Files\Folders moved on Reboot...
    C:\Users\matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    Attached Files: OTL.Txt (56.8 KB)
  12. crunchie

    crunchie Malware Helper Posts: 761

    It looks like I have not included the s when doing the fix.

    Please run again as before and paste in the following:

    :Files
    C:\32788R22FWJFW


    Post the fix log please.

    How are things now?
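
A fix log like the one in post 11 can be checked mechanically for instructions the tool rejected, which is how the missing "s" in `:File` shows up. The Python sketch below is an added example, not part of the original thread or of OTL; the function name `review_fix_log` and the report layout are assumptions, and the sample lines are excerpted from the logs posted in this thread.

```python
import re

# Lines excerpted from the fix log in post 11 (not a complete log).
SAMPLE_LOG = r"""All processes killed
Error: Unable to interpret <:File> in the current context!
Error: Unable to interpret <C:\32788R22FWJFW> in the current context!
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryBooster deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
"""

REJECTED = re.compile(r"^Error: Unable to interpret <(.+)> in the current context!$")
REG_RESULT = re.compile(
    r"^(?:64bit-)?Registry (?:key|value) (.+?) (deleted successfully|not found)\.$")
MOVED = re.compile(r"^(.+?)(?: folder)? moved successfully\.$")

def review_fix_log(text):
    """Sort fix-log lines into rejected instructions and completed actions."""
    report = {"unrecognised": {}, "deleted": [], "not_found": [], "moved": []}
    current = "(no directive)"
    for raw in text.splitlines():
        line = raw.strip()
        m = REJECTED.match(line)
        if m:
            token = m.group(1)
            if token.startswith(":"):
                # A rejected section header: what follows it was never acted on.
                current = token
                report["unrecognised"].setdefault(current, [])
            else:
                report["unrecognised"].setdefault(current, []).append(token)
            continue
        m = REG_RESULT.match(line)
        if m:
            key = "deleted" if m.group(2).startswith("deleted") else "not_found"
            report[key].append(m.group(1))
            continue
        m = MOVED.match(line)
        if m:
            report["moved"].append(m.group(1))
    return report

if __name__ == "__main__":
    for directive, payload in review_fix_log(SAMPLE_LOG)["unrecognised"].items():
        print(f"Rejected {directive}; not processed: {payload}")
```

Anything listed under `unrecognised` still exists on disk or in the registry and has to be submitted again with a corrected script, as post 12 does.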
  13. exmatt

    exmatt TechSpot Member Topic Starter Posts: 60

    So paste in
    :Files
    C:\32788R22FWJFW
    :OTL ...
    on and on, or just
    :Files
    C:\32788R22FWJFW?

    Things seem to be good. I had to take his optical drive out yesterday to retrieve a CD that somehow had managed to get outside the drive... I'll never understand how he managed that one either. However the fan is still running loud as ever, but from what I've read this is quite common with Windows 7... I have no clue how to help that though, except hearing something about changing it from running constantly, but I don't know how to do that.
     
  14. crunchie

    crunchie Malware Helper Posts: 761

    Fan speeds may be changed from within the BIOS, unless you get a program such as speedfan to adjust them.

    Just enter into OTL exactly what I put in my last post in bold.
  15. exmatt

    exmatt TechSpot Member Topic Starter Posts: 60

    ========== FILES ==========
    C:\32788R22FWJFW\N_ folder moved successfully.
    C:\32788R22FWJFW\License folder moved successfully.
    C:\32788R22FWJFW\EN-US folder moved successfully.
    C:\32788R22FWJFW folder moved successfully.

    OTL by OldTimer - Version 3.2.9.1 log created on 08112010_174325


    I changed it to not run constantly but I don't know how to change the speed. And I tried speedfan, it didn't work for Windows 7.
  16. crunchie

    crunchie Malware Helper Posts: 761

    Ok. Just do an online scan for me now please to check for any hangers-on.

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:


    ==========

    Is there another motherboard header that you can connect to? I take it there are no settings in bios that allow for different speeds at different temps?
  17. exmatt

    exmatt TechSpot Member Topic Starter Posts: 60

    I do not believe there is another header. And I'll check again but I don't remember seeing any other settings but enabling fan on constantly or disabling.

    All the Log says is this--
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK

    But it found this as a threat--

    C:\Users\matt\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll Win32/Adware.Gamevance.AG application
  18. crunchie

    crunchie Malware Helper Posts: 761

    You could upload that file for a scan to Jotti or virustotal to confirm ESET's findings.

    Cannot help anymore with the fan, other than getting a dedicated fan controller.
  19. exmatt

    exmatt TechSpot Member Topic Starter Posts: 60

    3 out of the 19 on Jotti called it malware... 11 out of 33 on virustotal, which I noticed Microsoft listed on there, called it adware.

    One other thing, do you know how to stop Indexing? It's making his computer slower and it's unneeded as he doesn't use it.
  20. crunchie

    crunchie Malware Helper Posts: 761

    Best remove that file :).

    For the indexer, go to the start button bottom left of screen and then go to the RUN command. Type in services.msc and hit ok.

    Scroll down until you see the Indexing Service and stop it, then disable it.
  21. exmatt

    exmatt TechSpot Member Topic Starter Posts: 60

    How do I remove it? If I just delete it, it would probably come back, right?

    And crap, I knew how to do that! Oh well, thanks.
  22. crunchie

    crunchie Malware Helper Posts: 761

    So, you're all good? :)
  23. exmatt

    exmatt TechSpot Member Topic Starter Posts: 60

    Should be. Thanks so much for your time. He'll be glad to get his laptop back now.
  24. crunchie

    crunchie Malware Helper Posts: 761

    No worries :).

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC by OldTimer:
    Save it to your Desktop.
    Double click OTC.exe.
    Click the CleanUp! button.
    If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
  25. exmatt

    exmatt TechSpot Member Topic Starter Posts: 60

    kk done that too :)